isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rework source layout in preparation for modular sudo.

Browse Source
This commit is contained in:
Todd C. Miller
2010-02-20 09:14:01 -05:00
parent 28c24027ec
commit e90fa482f9
151 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

330
doc/sudoreplay.cat Normal file
View File

@@ -0,0 +1,330 @@
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
NNAAMMEE
sudoreplay - replay sudo session logs
SSYYNNOOPPSSIISS
ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] [--mm _m_a_x___w_a_i_t] [--ss _s_p_e_e_d___f_a_c_t_o_r] ID
ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] -l [search expression]
DDEESSCCRRIIPPTTIIOONN
ssuuddoorreeppllaayy plays back or lists the session logs created by ssuuddoo. When
replaying, ssuuddoorreeppllaayy can play the session back in real-time, or the
playback speed may be adjusted (faster or slower) based on the command
line options. The _I_D should be a six character sequence of digits and
upper case letters, e.g. 0100A5, which is logged by ssuuddoo when a
command is run with session logging enabled.
In list mode, ssuuddoorreeppllaayy can be used to find the ID of a session based
on a number of criteria such as the user, tty or command run.
In replay mode, if the standard output has not been redirected,
ssuuddoorreeppllaayy will act on the following keys:
' ' (space)
Pause output; press any key to resume.
'<' Reduce the playback speed by one half.
'>' Double the playback speed.
OOPPTTIIOONNSS
ssuuddoorreeppllaayy accepts the following command line options:
-d _d_i_r_e_c_t_o_r_y
Use _d_i_r_e_c_t_o_r_y to for the session logs instead of the
default, _/_v_a_r_/_l_o_g_/_s_u_d_o_-_s_e_s_s_i_o_n_s.
-l Enable "list mode". In this mode, ssuuddoorreeppllaayy will list
available session IDs. If a _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is
specified, it will be used to restrict the IDs that are
displayed. An expression is composed of the following
predicates:
command _c_o_m_m_a_n_d _p_a_t_t_e_r_n
Evaluates to true if the command run matches
_c_o_m_m_a_n_d _p_a_t_t_e_r_n. On systems with POSIX regular
expression support, the pattern may be an extended
regular expression. On systems without POSIX
regular expression support, a simple substring
match is performed instead.
cwd _d_i_r_e_c_t_o_r_y
Evaluates to true if the command was run with the
specified current working directory.
1.7.3b2 December 19, 2009 1
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
fromdate _d_a_t_e
Evaluates to true if the command was run on or
after _d_a_t_e. See "Date and time format" for a
description of supported date and time formats.
group _r_u_n_a_s___g_r_o_u_p
Evaluates to true if the command was run with the
specified _r_u_n_a_s___g_r_o_u_p. Note that unless a
_r_u_n_a_s___g_r_o_u_p was explicitly specified when ssuuddoo was
run this field will be empty in the log.
runas _r_u_n_a_s___u_s_e_r
Evaluates to true if the command was run as the
specified _r_u_n_a_s___u_s_e_r. Note that ssuuddoo runs commands
as user _r_o_o_t by default.
todate _d_a_t_e
Evaluates to true if the command was run on or
prior to _d_a_t_e. See "Date and time format" for a
description of supported date and time formats.
tty _t_t_y Evaluates to true if the command was run on the
specified terminal device. The _t_t_y should be
specified without the _/_d_e_v_/ prefix, e.g. _t_t_y_0_1
instead of _/_d_e_v_/_t_t_y_0_1.
user _u_s_e_r _n_a_m_e
Evaluates to true if the ID matches a command run
by _u_s_e_r _n_a_m_e.
Predicates may be abbreviated to the shortest unique string
(currently all predicates may be shortened to a single
character).
Predicates may be combined using _a_n_d, _o_r and _! operators as
well as '(' and ')' for grouping (note that parentheses
must generally be escaped from the shell). The _a_n_d
operator is optional, adjacent predicates have an implied
_a_n_d unless separated by an _o_r.
-m _m_a_x___w_a_i_t Specify an upper bound on how long to wait between key
presses or output data. By default, ssuuddoo__rreeppllaayy will
accurately reproduce the delays between key presses or
program output. However, this can be tedious when the
session includes long pauses. When the _-_m option is
specified, ssuuddoorreeppllaayy will limit these pauses to at most
_m_a_x___w_a_i_t seconds. The value may be specified as a floating
point number, .e.g. _2_._5.
-s _s_p_e_e_d___f_a_c_t_o_r
This option causes ssuuddoorreeppllaayy to adjust the number of
seconds it will wait between key presses or program output.
This can be used to slow down or speed up the display. For
example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as
1.7.3b2 December 19, 2009 2
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
fast whereas a _s_p_e_e_d___f_a_c_t_o_r of <.5> would make the output
twice as slow.
-V The --VV (version) option causes ssuuddoorreeppllaayy to print its
version number and exit.
DDaattee aanndd ttiimmee ffoorrmmaatt
The time and date may be specified multiple ways, common formats
include:
HH:MM:SS am MM/DD/CCYY timezone
24 hour time may be used in place of am/pm.
HH:MM:SS am Month, Day Year timezone
24 hour time may be used in place of am/pm, and month and day
names may be abbreviated. Note that month and day of the week
names must be specified in English.
CCYY-MM-DD HH:MM:SS
ISO time format
DD Month CCYY HH:MM:SS
The month name may be abbreviated.
Either time or date may be omitted, the am/pm and timezone are
optional. If no date is specified, the current day is assumed; if no
time is specified, the first second of the specified date is used. The
less significant parts of both time and date may also be omitted, in
which case zero is assumed. For example, the following are all valid:
The following are all valid time and date specifications:
now The current time and date.
tomorrow
Exactly one day from now.
yesterday
24 hours ago.
2 hours ago
2 hours ago.
next Friday
The first second of the next Friday.
this week
The current time but the first day of the coming week.
a fortnight ago
The current time but 14 days ago.
10:01 am 9/17/2009
10:01 am, September 17, 2009.
1.7.3b2 December 19, 2009 3
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
10:01 am
10:01 am on the current day.
10 10:00 am on the current day.
9/17/2009
00:00 am, September 17, 2009.
10:01 am Sep 17, 2009
10:01 am, September 17, 2009.
FFIILLEESS
_/_v_a_r_/_l_o_g_/_s_u_d_o_-_s_e_s_s_i_o_n The default session directory.
_/_v_a_r_/_l_o_g_/_s_u_d_o_-_s_e_s_s_i_o_n_/_0_0_/_0_0_/_0_1
Example session log info.
_/_v_a_r_/_l_o_g_/_s_u_d_o_-_s_e_s_s_i_o_n_/_0_0_/_0_0_/_0_1_._s_c_r
Example session transcript file.
_/_v_a_r_/_l_o_g_/_s_u_d_o_-_s_e_s_s_i_o_n_/_0_0_/_0_0_/_0_1_._t_i_m
Example session timing file.
EEXXAAMMPPLLEESS
List sessions run by user _m_i_l_l_e_r_t:
sudoreplay -l user millert
List sessions run by user _b_o_b with a command containing the string vi:
sudoreplay -l user bob command vi
List sessions run by user _j_e_f_f that match a regular expression:
sudoreplay -l user jeff command '/bin/[a-z]*sh'
List sessions run by jeff or bob on the console:
sudoreplay -l ( user jeff or user bob ) tty console
SSEEEE AALLSSOO
_s_u_d_o(1m), _s_c_r_i_p_t(1)
AAUUTTHHOORR
Todd C. Miller
BBUUGGSS
If you feel you have found a bug in ssuuddoorreeppllaayy, please submit a bug
report at http://www.sudo.ws/sudo/bugs/
SSUUPPPPOORRTT
Limited free support is available via the sudo-users mailing list, see
http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
the archives.
1.7.3b2 December 19, 2009 4
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
DDIISSCCLLAAIIMMEERR
ssuuddoorreeppllaayy is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with ssuuddoo or
http://www.sudo.ws/sudo/license.html for complete details.
1.7.3b2 December 19, 2009 5